5

I am trying to launch my Jenkins slave via command line through JNLP, so that I can put the command in the task scheduler. However, I am facing authentication issues only when I use the -secret option with the secret key generated by Jenkins. Works fine if I pass the -auth option with the same username password that I use for Jenkins. 

java -jar slave.jar -jnlpUrl http://<jenkins host>:<port>/jenkins/computer/<Slave name>/slave-agent.jnlp -secret <secret_key> -workDir "C:\Jenkins\Robot"

Note: the command I try to execute is as is copied from Jenkins page.

It gives following error:

 org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDirINFO: Using C:\Jenkins\Robot\remoting as a remoting work directory Both error and output logs will be printed to C:\Jenkins\Robot\remoting Not use http_proxy property or environment variable which is invalid: unknown protocol: one.proxy.att.com Failing to obtain http://<host:port>/jenkins/computer/<job>/slave-agent.jnlp?encrypt=true
 java.io.IOException: Failed to load http://<host:port>/jenkins/computer/<job>//slave-agent.jnlp?encrypt=true: 401 Unauthorized
         at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:485)
         at hudson.remoting.Launcher.run(Launcher.java:316)
         at hudson.remoting.Launcher.main(Launcher.java:277)
 Waiting 10 seconds before retry

However, if I change command as follows, it runs successfully.

java -jar slave.jar -jnlpUrl http://<jenkins host>:<port>/jenkins/computer/<Slave name>/slave-agent.jnlp/slave-agent.jnlp -auth <user>:<pass> -workDir "C:\Jenkins\Robot"

I cannot keep my credentials in the launch file as this will remain in public shared repository. Pls help.

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
Patz
  • 294
  • 4
  • 18
  • I’m having the same issue, one recommendation I see here is to allow anonymous access, this seems like an insecure work around. Has anyone got this to work without sacrificing security? Also OP are you going from Linux master to Windows agent? – JoeRod Mar 20 '19 at 21:21

2 Answers2

1

I think that your issue may come from a security management. Have you enable TCP port for JNLP agents in your Global Security ?

Go to Manage Jenkins > Global Security, Enable TCP port for JNLP agents, select Fixed and fill the port you used in your jnlpUrl, then select Java Web Start Agent Protocol/4 and save your config.

Further documentation here.

SmartTom
  • 691
  • 7
  • 14
-3

I had a similar problem. I resolved it by allowing anonymous access to Jenkins (the option is available in Manage Jenkins page, Kerberos properties section - we use Kerberos Single Sign-On plugin for Jenkins authentication, so not sure how would other authentication plugins work).

I'd also recommend limiting the scope of anonymous access if you enable it.

Martin Spisiak
  • 1
  • 1